I've been playing with ippl and logcheck lately. They're a good thing, and I recommend them for anybody who's connected 24/7 with cable, DSL, or my beloved ethernet and T1.

Ippl logs anybody who connects to your machine. It is quite noisy, however, because you would be surprised how much connecting a system does. However, if anybody scans you, you will know.

http://www.pltplp.net/ippl/

At the same time, I use logcheck, which scans my system log every once in a while (every hour) and tells me (via mail) if there were any security problems. Additionally, I get a rundown of odd events that have happened. Used in conjunction with ippl, it gives the paranoiac in me something to think about.

http://www.psionic.com/misc/disclaim/

Here's a typical logcheck report; you can see the ippl entries, too:

Security Violations
=-=-=-=-=-=-=-=-=-=
Oct 2 11:42:17 brownie ippl: ICMP message type destination unreachable - bad port from localhost [127.0.0.1]
Oct 2 11:42:17 brownie ippl: ICMP message type destination unreachable - bad port from localhost [127.0.0.1]

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Oct 2 11:03:33 brownie ippl: smtp connection attempt from f96.law10.hotmail.com [64.4.15.96]
Oct 2 11:04:18 brownie ippl: imap2 connection attempt from [207.189.132.87]
Oct 2 11:04:18 brownie imapd[909]: connect from 207.189.132.87
Oct 2 11:04:18 brownie imapd[909]: imap service init from 207.189.132.87
Oct 2 11:04:18 brownie imapd[909]: Authenticated user=rick host=[207.189.132.87]
Oct 2 11:08:50 brownie ippl: smtp connection attempt from 207.189.131.103
Oct 2 11:18:03 brownie ippl: port 16001 connection attempt from localhost [127.0.0.1]
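
An added example, not part of the original post and not code from ippl or logcheck: a small triage pass over the ippl entries in the report above that sets loopback noise aside, groups the remaining entries by source address, and lists sources that touched several distinct services. The function names and the threshold of three services are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Entries copied from the logcheck report in the post above.
REPORT = """\
Oct 2 11:42:17 brownie ippl: ICMP message type destination unreachable - bad port from localhost [127.0.0.1]
Oct 2 11:03:33 brownie ippl: smtp connection attempt from f96.law10.hotmail.com [64.4.15.96]
Oct 2 11:04:18 brownie ippl: imap2 connection attempt from [207.189.132.87]
Oct 2 11:04:18 brownie imapd[909]: connect from 207.189.132.87
Oct 2 11:08:50 brownie ippl: smtp connection attempt from 207.189.131.103
Oct 2 11:18:03 brownie ippl: port 16001 connection attempt from localhost [127.0.0.1]
"""

# The source appears as "host [ip]", "[ip]" or a bare "ip" in the sample lines.
IPPL = re.compile(r"ippl: (?P<event>.+?) from (?:\S+ )?\[?(?P<ip>\d+(?:\.\d+){3})\]?\s*$")
SUFFIX = " connection attempt"

def parse(line):
    """Return (service, ip) for an ippl entry, or None for any other line."""
    m = IPPL.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:  # dotted quad with an out-of-range octet
        return None
    event = m.group("event")
    # "smtp connection attempt" -> "smtp"; ICMP messages keep their full text
    return (event[: -len(SUFFIX)] if event.endswith(SUFFIX) else event), ip

def summarize(text):
    """Group services by remote source; count loopback entries separately."""
    remote, loopback = defaultdict(set), 0
    for service, ip in filter(None, map(parse, text.splitlines())):
        if ip.is_loopback:
            loopback += 1  # the machine talking to itself
        else:
            remote[str(ip)].add(service)
    return dict(remote), loopback

def scan_suspects(remote, min_services=3):
    """Sources that touched at least min_services services (assumed threshold)."""
    return sorted(ip for ip, svc in remote.items() if len(svc) >= min_services)

if __name__ == "__main__":
    remote, loopback = summarize(REPORT)
    print(loopback, "loopback entries;", {ip: sorted(s) for ip, s in remote.items()})
    print("possible scans:", scan_suspects(remote))
```

On the report above, no source reaches the threshold: each remote address touched a single service, which is ordinary mail traffic rather than a scan.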
